Lucene search
K

225350 matches found

EUVD
EUVD
added 2026/05/20 1:25 a.m.16 views

EUVD-2026-31021

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.18 views

CVE-2026-8423

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.0.5 due to missing/incorrect nonce validation on the options page. This allows unauthenticated attackers to change the site’s active theme by modifying the ...

4.3CVSS5.7AI score0.00179EPSS
Exploits0References7
CVE
CVE
added 2026/05/20 1:25 a.m.21 views

CVE-2026-6452

The CVE-2026-6452 entry describes a Cross-Site Request Forgery in the WordPress plugin Bigfishgames Syndicate (versions

4.3CVSS5.7AI score0.00158EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.44 views

CVE-2026-6452 Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS0.00158EPSS
Exploits0References5
CVE
CVE
added 2026/05/20 1:25 a.m.23 views

CVE-2026-8626

CVE-2026-8626 concerns the SponsorMe WordPress plugin, vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter in all versions up to 0.5.2. The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary scripts int...

6.1CVSS6AI score0.00266EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.14 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6AI score0.00266EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-6452 Bigfishgames Syndicate <= 1.2 - Cross-Site Request Forgery to Settings Reset and Update

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.38 views

CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...

4.3CVSS0.00179EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.36 views

CVE-2026-8626 SponsorMe <= 0.5.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.7 views

CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...

4.3CVSS5.7AI score0.00179EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/20 1:25 a.m.10 views

EUVD-2026-31024

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6AI score0.00266EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.7 views

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS6AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.5 views

CVE-2026-6404

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS6AI score0.00239EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.6 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS6AI score0.00239EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.37 views

CVE-2026-8627 Correct Prices <= 1.0 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:25 a.m.8 views

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS6AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 1:25 a.m.12 views

EUVD-2026-31023

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

6.1CVSS6AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.48 views

CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...

4.4CVSS0.00239EPSS
Exploits0References7
Rows per page
Query Builder